More Articles

BOSTON — Michaels, the biggest U.S. arts-and-crafts retailer, said yesterday that it’s working
with federal law-enforcement officials to investigate a possible data breach of its systems that
process payment cards.

“We are concerned there may have been a data security attack on Michaels that may have affected
our customers’ payment card information, and we are taking aggressive action to determine the
nature and scope of the issue,” Chief Executive Chuck Rubin said in a statement.

The company said it also has hired an outside forensics firm to investigate the matter.

If the company’s suspicions are confirmed, Irving, Texas-based Michaels would become the third
major U.S. retailer to be identified as a victim of a cyberattack since the middle of last month.
Target Corp. reported an unprecedented breach over the holiday shopping season, and luxury chain
Neiman Marcus disclosed that it had suffered a smaller attack.

Last week, the FBI cautioned retailers to prepare for more attacks, saying it expects hackers
will succeed in using similar techniques to break into networks at other chains.

Michaels said in its statement that it had “recently learned of possible fraudulent activity on
some U.S. payment cards that had been used at Michaels, suggesting that the company may have
experienced a data security attack.”

That statement quoted Rubin as saying that while the company had not confirmed that its systems
had been compromised, “We believe it is in the best interest of our customers to alert them to this
potential issue so they can take steps to protect themselves.”

Target has said that about 40 million payment-card numbers and 70 million more customer records
were compromised. Neiman Marcus has said about 1.1 million payment-card numbers were taken.